arno-iptables-firewall is a front-end for iptables. Its configuration script
will set up a secure and restrictive firewall by just asking a few questions.
This includes configuring internal networks for Internet access via NAT, and
potential network services like http or ssh. Moreover, it provides advanced
additional features that can be enabled in the well documented configuration
file.

NOTE - The setup script will NOT run automatically after the package has been
installed. In order to run the script, the following command has to be issued:

# arno-iptables-firewall-configure

In order to start the firewall automatically at boot-time, an "rc.firewall"
symlink to the startup script has to be created in /etc/rc.d/ and of course
the startup script itself should be executable:

# cd /etc/rc.d/
# ln -sv rc.arno-iptables-firewall rc.firewall
# chmod +x rc.arno-iptables-firewall

In order to disable startup of the firewall at boot time, remove the symlink or
the executable bit from the startup script:

# rm /etc/rc.d/rc.firewall
# chmod -x /etc/rc.d/rc.arno-iptables-firewall

The firewall can also be started manually with one of the following commands:

# arno-iptables-firewall start
# /etc/rc.d/rc.arno-iptables-firewall start

Please refer to the man page for more details.


IMPORTANT - A few security notes from the upstream author:

1) If possible make sure that the firewall is started before the (ADSL) Internet
connection is enabled. For a ppp-interface that doesn't exist yet, you can use
the wildcard device called "ppp+" (but you can only use ppp+ if there aren't any
other ppp interfaces).

2) Don't change any (security) settings ('EXPERT SETTINGS') if you don't really
understand what they mean. Changing them anyway could have a big impact on the
security of your machine.

3) A lot of people complain that their server stopped working after installing
the firewall. This is the correct behaviour for a firewall: blocking all
incoming traffic by default. Configure your OPEN_TCP (e.g.) accordingly.
